Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2024-10977

    Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a h... Read more

    Affected Products : postgresql
    • Published: Nov. 14, 2024
    • Modified: Feb. 20, 2025

  • 3.7

    LOW
    CVE-2025-32789

    EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of... Read more

    Affected Products : espocrm
    • Published: Apr. 16, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.7

    LOW
    CVE-2025-48946

    liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malf... Read more

    Affected Products : liboqs
    • Published: May. 30, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cryptography

  • 3.7

    LOW
    CVE-2024-10106

    A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer.... Read more

    Affected Products : emberznet emberznet_sdk
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Memory Corruption

  • 3.7

    LOW
    CVE-2024-58249

    In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.... Read more

    Affected Products : wxwidgets
    • Published: Apr. 16, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2014-0476

    The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.... Read more

    Affected Products : ubuntu_linux chkrootkit
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2013-7347

    Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-335... Read more

    Affected Products : enterprise_linux conga
    • Published: Mar. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.7

    LOW
    CVE-2012-0081

    Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration.... Read more

    Affected Products : glassfish_server
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2011-2503

    The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the... Read more

    Affected Products : systemtap
    • Published: Jul. 26, 2012
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2012-0133

    HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card.... Read more

    • Published: Apr. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-21671

    The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in... Read more

    Affected Products : vantage6
    • Published: Jan. 30, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2010-1161

    Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.... Read more

    Affected Products : nano
    • Published: Apr. 16, 2010
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2013-1959

    kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying t... Read more

    Affected Products : linux_kernel
    • Published: May. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2012-4572

    Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class nam... Read more

    • Published: Oct. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.7

    LOW
    CVE-2024-21210

    Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via... Read more

    Affected Products : jdk jre java_se
    • Published: Oct. 15, 2024
    • Modified: Jun. 18, 2025

  • 3.7

    LOW
    CVE-2007-0775

    Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execut... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Feb. 26, 2007
    • Modified: Apr. 09, 2025

  • 3.7

    LOW
    CVE-2023-42010

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.7

    LOW
    CVE-2002-2092

    Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.... Read more

    Affected Products : freebsd netbsd openbsd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2004-1445

    A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.... Read more

    Affected Products : nessus
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2002-0430

    MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.... Read more

    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 294316 Results